To stay ahead in a digital-first economy, banks are adopting new business models enabled by digital transformation. However, while speed is essential in today's financial marketplace, it also increases the frequency and surface of attacks, which leaves banks open to cyber risks. As customers increasingly rely on digital banking, securing personal data is becoming more challenging. Banks, being custodians of customer trust, have to ensure that this trust is sustained by continually prioritizing cyber security policies. We spoke with Muneer H KongaWani, CISO, The J&K Bank Limited, on the importance of maintaining resilience and trust in banking.
In the banking industry, cybersecurity needs to be in the mix to enable resilient services and digital trust; what are your recommendations?
Security governance, risk management, and compliance with laws, regulations, and statutes have been the cornerstone and key pillars of the financial services industry. As a bank, we need to not only test, strengthen, and transform our cyber resilience but also ensure that we have an effective business-aligned security strategy in place to keep cyber risks to the bare minimum; this not only helps comply with regulations but also to avoid reaching a point of no return.
Over the past few years, banking cybersecurity experts have learned that organizations need to be more resilient to survive and thrive in an ever-growing and ever-more-precarious digital world. It is absolutely essential to have the capability to prevent cyberattacks, protect data, maintain business operations, and possess sufficient procedures and resources to recover effectively if a successful attack were to occur. In short, digital resiliency is a must in banking.
In response to the demand to be more digitally resilient and better prepared, the financial services industry believes it is time to fortify itself and better protect its crown jewels from cyberattacks and respond to adversaries' aggression like ransomware, destructive malware like wipers, targeted zero-day attacks, advanced persistent threats, or distributed denial-of-service (DDoS) attacks, etc.
Banks should work with cross-vendor openness and integration, as when security solutions work together across the ecosystem, the sum of their products is greater than the individual parts, deepening your level of cyber protection and providing defence-in-depth capabilities.
Banks must innovate to stay competitive; new initiatives don't come without risk. How do you manage to strike a balance between innovation and security?
Financial services organizations must keep innovating and leveraging new business opportunities to thrive and remain competitive. These new initiatives will need to be supported with intelligent digital infrastructure transformation to reduce costs and maintain agility and improve operational efficiency, customer experience, and interactions in existing and new channels with a more personalized approach.
Banks must respond to challenges in a digital-first economy by continuously investing in strategic initiatives and delivering new services and digital business models. Customer experience forms the hallmark of a digital transformation journey. It is a significant market driver and competitive advantage in the banking industry. New customer-centric initiatives must provide a differentiated and seamless experience to customers who expect fast, easy, full, and secure access from anywhere, anytime, and on their devices.
However, this doesn't come without risks. The technology skills gap within organizations must be immediately addressed first, and banks must ensure employees are trained and reskilled in the organization's technologies. Second, while sharing data with industry peers, they must implement best practices and identify potential trust issues. To begin, innovation and transformation efforts need to be interwoven with security. For this to work, security must be included from a project's inception, not as a bolt-on after a project and its services are launched.
In today's fast-evolving banking landscape, what strategies should banks adopt to ensure their readiness for the future, and where should they focus their efforts to achieve success?
Zero-touch technology or maximum automation, managed services, and cloud adoption will enable FSOs to innovate faster, optimize costs and minimize time to market. Zero-touch technology deployment allows banks to seamlessly integrate with the rest of the organization, build self-service, and reduce manual labour costs by adopting Robotic Process Automation and artificial intelligence-powered chatbots to deal with customers. In investment banking, we are seeing robot advisors use machine learning-powered algorithms to help retail investors make better decisions. Thanks to cloud platforms and managed services, these new products and services are economically feasible because they shift traditional CapEx to activities that create more value.
New platforms provide data and analytics for anticipating customer needs and hyper-personalizing the customer journey. Customer data, such as investment patterns, can guide an advisor to recommend portfolio choices aligned with customer preference. Similarly, AI systems can quickly assess a customer's issue to redirect them to the nearest branch or get the appropriate representative involved.
Open banking is bringing about a massive change for banks, helping them realize the power of APIs. Building Banking as a Service (BaaS) applications will allow us to develop new services and create stronger customer retention and relationship building.
How has Fortinet's Security Fabric and its cybersecurity mesh approach helped in building trust and security in the Bank's IT infrastructure?
For me, security is a key element that underpins trust because banks, being custodians of customer trust, need to protect the data and applications that make good customer experiences possible. By maintaining the confidentiality, integrity, availability, functionality, and performance of the digital ecosystem, effective security measures can guarantee a positive customer experience.
The Bank is securing its digital operations with FortiGate Next-Generation Firewalls (NGFWs) through which all internet traffic is routed at the data centre and branches. As with any organization that accepts, transmits, or stores customer financial data, the Bank, being PCI-DSS certified, has to comply with the standard laid down by the PCI-DSS Council. Thanks to the security rating capability within the FortiOS operating system, we are now able to continually check and gauge the level of compliance required for banks.
For additional security, availability, and optimization of the Bank's applications, FortiWeb was deployed with advanced security features such as a web application firewall (WAF), protection from file upload attacks and application-targeted DDoS attacks, bringing full visibility to the application and service delivery network. We have been leveraging the AI/ML feature of FortiWeb to continually monitor the threats and re-orchestrate the policies for the effective security of our web applications.
Given all these tools, we needed an efficient way to manage the security solution centrally. We use the FortiManager network operation solution to centrally control our network security ecosystem. By having a single administration tool, we have also simplified several processes, such as applying unified security policies that immediately apply to every single device connecting to the network.
With FortiAnalyzer, we added real-time incident logging and reporting, which has been an important area not only from a security monitoring perspective but also from a cyber forensics and compliance perspective. The Bank also uses FortiAuthenticator Services for Identification, Authentication, and Access Control of its mobile workforce and critical access to the security setups. With these deployments tightly integrated with other security solutions, the Bank can react instantly or even automatically to incoming threats. Through the collaborative sharing of threat intelligence and AI-driven automation of threat response, the solutions work in concert to form a Fortinet Security Fabric Mesh Platform, which provides broad visibility and greater control of the digital attack surface.
The pages slugged ‘Brand Connect’ are equivalent to advertisements and are not written and produced by Forbes India journalists.